Has the Zombie Apocalypse Invaded Your Data Center?
by Robert Genkinger
It could be a scene out of The Walking Dead... It was late, and the data center had been empty since the sun had gone down for the night. Brian, the junior engineer on the IT team, started breaking down the boxes. The chiller was running full blast, and the cacophony of fans masked the stirrings of something bad… very bad. He wasn’t prepared. Brian wasn’t ready.
Staring at the avalanche of blinking lights that now cascaded across the systems on the data center floor, Brian hurried over to one of the keyboards. Something was happening, and he was the only person in the building. Beads of sweat formed on Brian’s brow and panic began to set in (cue ominous music here).
They had been mostly quiet until now. Some trapped in a suspended state, others shambled about aimlessly. Their awareness waited to be sparked and then they would feed. Wordlessly, they would suck up resources until everything was consumed.
Slowly the zombies began to move – their pace and voracity increasing rapidly. The herd needed to satiate their hunger. They needed to feed…
Back to Reality…
In IT, Virtual Zombies are accounts that have been dormant for a very long time. Former employees, defunct working groups, consultants, demo accounts, and partners are all examples of the herds of Virtual Zombies that nearly every organization houses in its network. Some have been effectively contained, disabled, or deleted, but many have not. Long forgotten, these accounts are still valid credentials, often with their old group memberships intact, and because nobody is watching them, their misuse tends to go unnoticed. Each Zombie is waiting for someone to notice it, to let it get at the thing it desires to consume most…. your data. It only takes one zombie account to allow access to your network and wreak havoc on your data center. Still not convinced? Ask Experian, which just lost the data of some 15 million T-Mobile customers.
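One way to hunt for the herd described above is to run a dormant-account triage over a directory export. The following is an added example, not code from the original post or from ViON: the account inventory is constructed sample data, and the field names, the 90-day dormancy threshold, the 30-day grace period for never-used accounts, and the privileged-group list are all assumptions chosen for illustration. It separates accounts that should be disabled (still enabled but dormant, never used, or owned by someone who has left) from accounts that are already disabled but should be deleted so they cannot be quietly re-enabled.

```python
"""Triage an account inventory for dormant ("zombie") accounts.

Assumptions (not from the original article): the inventory is a list of
dicts exported from a directory; dates are ISO-8601; 90 days without a
login counts as dormant; thresholds, field names and group names are
illustrative.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

DORMANT_DAYS = 90            # no login for this long -> dormant
NEVER_USED_GRACE_DAYS = 30   # enabled but never logged in after this -> stale
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "DBA"}
TODAY = date(2015, 10, 12)   # fixed reference date so results are reproducible

# Constructed sample export; not real accounts.
ACCOUNTS = [
    {"user": "jdoe", "kind": "employee", "enabled": True, "created": "2013-02-01",
     "last_login": "2015-10-09", "owner_status": "active", "groups": ["Staff"]},
    {"user": "mwalsh", "kind": "employee", "enabled": True, "created": "2012-06-15",
     "last_login": "2014-11-30", "owner_status": "departed", "groups": ["Domain Admins"]},
    {"user": "acme-consult3", "kind": "contractor", "enabled": True, "created": "2014-01-10",
     "last_login": "2014-03-22", "owner_status": "unknown", "groups": ["VPN Users"]},
    {"user": "demo_sales", "kind": "demo", "enabled": True, "created": "2014-09-01",
     "last_login": None, "owner_status": "unknown", "groups": ["Staff"]},
    {"user": "svc_backup", "kind": "service", "enabled": True, "created": "2011-05-05",
     "last_login": "2015-10-10", "owner_status": "active", "groups": ["Backup Operators"]},
    {"user": "oldtemp", "kind": "employee", "enabled": False, "created": "2010-01-01",
     "last_login": "2012-01-01", "owner_status": "departed", "groups": ["Staff"]},
]


@dataclass(frozen=True)
class Finding:
    user: str
    reason: str
    severity: str   # "high" or "medium"
    action: str     # "disable" or "delete"


def _days_since(iso: str | None, today: date) -> int | None:
    """Days between an ISO date and today; None if the date is missing."""
    return None if iso is None else (today - date.fromisoformat(iso)).days


def triage(accounts: list[dict], today: date) -> list[Finding]:
    """Return one Finding per account that needs containment or removal."""
    findings: list[Finding] = []
    for a in accounts:
        privileged = bool(PRIVILEGED_GROUPS & set(a["groups"]))
        idle = _days_since(a["last_login"], today)
        age = _days_since(a["created"], today)

        if not a["enabled"]:
            # Already contained, but a disabled account of a departed owner can
            # be re-enabled by mistake; remove it outright.
            if a["owner_status"] == "departed":
                findings.append(Finding(a["user"], "disabled account of departed owner",
                                        "medium", "delete"))
            continue

        if a["owner_status"] == "departed":
            # Owner is gone, credential still works: highest priority regardless of use.
            findings.append(Finding(a["user"], "owner has left but account is enabled",
                                    "high", "disable"))
        elif idle is None and age is not None and age > NEVER_USED_GRACE_DAYS:
            findings.append(Finding(a["user"], f"never logged in, created {age} days ago",
                                    "high" if privileged else "medium", "disable"))
        elif idle is not None and idle > DORMANT_DAYS:
            findings.append(Finding(a["user"], f"no login for {idle} days",
                                    "high" if privileged else "medium", "disable"))
    return findings


def triage_sample() -> list[Finding]:
    """Run the triage over the constructed inventory at the fixed reference date."""
    return triage(ACCOUNTS, TODAY)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.severity:6} {f.action:7} {f.user:14} {f.reason}")
```

Accounts that recently logged in (jdoe, svc_backup) produce no finding; the departed administrator is flagged high even though his last login is more recent than the consultant's, because a valid credential with no owner is the worst case. In a real environment the inventory would come from the directory (for example an LDAP or Active Directory export of lastLogonTimestamp and group membership) and the owner status from HR data.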
Fortunately, no crossbow is needed for IT zombies. What is required is a cyber security strategy to identify and mitigate these threats. Cyber security (a little like fighting zombies) requires distinct levels of defense. While there are different definitions, ViON uses four, each one increasingly complex:
- Level One – Information Assurance
- Level Two – Network Operations
- Level Three – 360 degree Situational Awareness
- Level Four – Predictive Analysis
ViON’s Cyber Secure Solution helps with all four of these levels. Here’s how:
Level One – Information Assurance
Information Assurance (IA) focuses primarily on information in digital form, but its full scope also covers information in analog and physical form. Its protections apply to data in transit, in both physical and electronic forms, and to data at rest in the various physical and electronic places it is stored.
Said in a more interesting way, imagine that your network is like a haven from the Undead. Maybe you’ve found a really cool place to ride out the zombie apocalypse. Maybe it is a fortress or maybe an old prison.
We have established and buttressed our firewalls, we control user access, and we have created policies that let life go on inside our safe haven. We believe that we are safe behind these protections. Note, though, that zombie accounts are already inside the walls; the perimeter does nothing about them.
Level Two – Network Operations
Network Operations requires the right balance of security without inhibiting performance. As with the security settings in a web browser, it is easy to set alert sensitivity so high that the noise drowns out the real threats. We need the most current data for defense (like a blacklist of known bad actors). We need a way to filter the noise from the real threats. We also need easy-to-use tools (one or two, maybe dozens) that make analysts more efficient at investigating potential threats.
These are our guards. We post static guards at our walls (particularly our entry and exit points) and have roving guards inside the network. Our guards know to always be on the lookout for zombies. They have a list of things that look like zombies and are dangerous. But new dangers crop up. Maybe zombie dogs have found their way inside. Our guards may know that they are dangerous, but they are unable to react rapidly enough to secure the network. The challenge is to keep pace with new threats without impacting the capabilities and efficiency of the end users.
Level Three - 360° Situational Awareness
360° Situational Awareness is critical in identifying three things:
1) Attack intentions (the type of attack, e.g. Denial of Service, malware, bots, etc.),
2) Vulnerabilities (like exposed portals and organizational weaknesses), and
3) Threat groups or individuals with the intention to conduct attacks.
Imagine that everyone is focused on the walls. Are zombies finding the weak part of the wall? We may know exactly what is going on inside the walls, but we aren’t looking out far enough. We need people watching the areas around the network. Zombies are one thing, but what about the gang of outlaw bikers who are pillaging in the next county over? Who else wants to do the group harm? Preparing for and implementing Situational Awareness processes all around is essential to ensure full security.
Level Four – Predictive Analysis
Predictive Analysis is the ultimate goal. It is the tool that sees the zombies coming and enables organizations to deploy the right defensive measures. It is flexible, agile, and efficient. Once we’ve perfected it, we’ll have to watch for robots from the future coming to hunt us down, but that is a whole other genre. Predictive Analysis prepares your team for the next onslaught through activities such as:
- Identifying threat patterns and trends so that the anomalies which are indicators of an attack can be spotted.
- Conducting event-based investigations that examine previous successful attacks and identify the tactics that were employed.
- Designing and implementing countermeasures to block those attacks in the future.
ViON’s Cyber Secure provides all of these features for customers. If you want to learn more about Cyber Secure, reach out to our Chief Zombie Smasher, Dave Kushner, Director, Product Sales Specialists.